Pia-ctep-esys-v2

PIA Validation (PIA Significant System Refresh/Annual Review) Management Change Anonymous to Non- Alteration in Character of Anonymous Data

₉ Indicate the following reason(s) for updating this PIA. _{New Public Access New Interagency Uses}

^{Choose from the following options.} Internal Flow or Collection Conversion

Commercial Sources

As of July 31, 2017, additional data elements (Employment

_{Describe in further detail any changes to the system} Status, Employment History, Certificates and Education

¹⁰ _{that have occurred since the last PIA.} Records, Publications, Memberships, Honors, Medical Licenses,

Clinical Trial Support History and Trainings) will be gathered

for investigators.

The mission of the National Cancer Institute's (NCI) Cancer Therapy Evaluation Program (CTEP) is to improve the lives of cancer patients by finding better ways to treat, control and cure cancer. CTEP accomplishes this mission by funding an extensive national program of cancer research and by sponsoring clinical trials to evaluate new anti-cancer agents, with a particular emphasis on translational research to

_{11 Describe the purpose of the system.} elucidate molecular targets and mechanisms of drug effects.

The NCI CTEP Enterprise System (CTEP-ESYS) is the repository for the information gathered and shared for these clinical trials.

The purpose of the CTEP-ESYS is to assure patient safety, meet the NCI CTEP scientific, administrative and operational program mission, and all regulatory requirements for NCI CTEP clinical trials.

CTEP-ESYS collects, maintains, and shares administrative/ operational, scientific, safety and regulatory data related to clinical trials. Information is used to assure patient safety; for scientific decision making, study drug management, regulatory oversight; and to facilitate administrative operations.

The information that CTEP-ESYS collects, maintains or shares include investigators and clinical trial support staff information, patient data, protocol documents, clinical trial sites/networks information, disease information and

^{Describe the type of information the system will} classification, drug inventory, drug orders and drug shipments,

₁₂ ^{collect, maintain (store), or share. (Subsequent} safety reports, site audit reports, Investigational New Drug questions will identify if this information is PII and ask _{(IND) submission records.}

about the specific data elements.)

This specifically covers the following:

For Investigators: Name, Email Address, Mailing Address, Phone Numbers and Month/Year of Birth for contact and verification purposes. Employment Status, Employment History, Certificates and Education Records, Publications, Memberships, Honors, Medical Licenses, Clinical Trial Support History and Trainings to enable sponsor to determine that investigators are qualified to participate on a clinical trial per US FDA CFR.

For Clinical Trial Support Staff: Name, Email Address, Mailing

^{Provide an overview of the system and describe the} CTEP-ESYS collects, maintains, and shares administrative,

^{13 information it will collect, maintain (store), or share,} safety and regulatory data related to clinical trials. Information ^{either permanently or temporarily.} is used to assure patient safety; for scientific decision making,

Yes

14 Does the system collect, maintain, use or share PII?

No

Social Security Number Date of Birth

Name Photographic Identifiers Driver's License Number Biometric Identifiers

Mother's Maiden Name Vehicle Identifiers

E-Mail Address Mailing Address

Phone Numbers Medical Records Number

Medical Notes Financial Account Info

Certificates Legal Documents

Education Records Device Identifiers

Military Status Employment Status

Foreign Activities Passport Number Taxpayer ID

For Investigators:

Name, Email Address, Mailing Address, Phone Numbers and Month/Year of Birth for contact and verification purposes. Employment Status, Employment History, Certificates and

_{Indicate the type of PII that the system will collect or} Education Records, Publications, Memberships, Honors,

¹⁵ _maintain. Medical Licenses, Clinical Trial Support History and Trainings

to enable sponsor to determine that investigators are

qualified to participate on a clinical trial per US FDA CFR.

For Clinical Trial Support Staff: Name, Email Address, Mailing Address, Phone Numbers and Month/Year of Birth for contact and verification purposes.

For Patient Drug Orders: Patient identification (ID) and Patient Initial (two to three characters) are used for patient safety. Study drug repository prints patient specific study drug labels containing this information. Once study drug is labeled, it is shipped to the clinical network pharmacies where drug is dispensed/administered to the patients identified on the label. Patient ID and Patient Initials are used as a verification prior to dispensing/administering drug to the patients.

For Patient Safety Reporting: Patient ID and Patient Month/ Year of Birth for adverse event reporting. The sponsor reviews this information in real-time to assure continuing patient safety for each clinical trial and meet US FDA CFR.

For Demographics Analysis: Patient Zip Code and Patient Month/Year of Birth to be able to answer demographic queries.

16

Indicate the categories of individuals about whom PII is collected, maintained or shared.

Employees

Public Citizens

Business Partners/Contacts (Federal, state, local agencies) Vendors/Suppliers/Contractors

Patients

_Other Investigators and clinical trial support staff at participating institutions

17

How many individuals' PII is in the system?

1,000,000 or more

18

For what primary purpose is the PII used?

The primary purpose of the personally identifiable information (PII) is to support cancer research, clinical trials related activities and meet FDA regulatory requirements.

PII (Name, Email Address, Mailing Address, Phone Numbers and Month/Year of Birth) is collected for investigators and clinical trials support staff participating in the clinical trials for contact and verification purposes, and to communicate with the investigators with respect to clinical research trial activities.

PII (Employment Status, Employment History, Certificates and Education Records, Publications, Memberships, Honors, Medical Licenses, Clinical Trial Support History and Trainings) is collected for investigators participating in the clinical trials to enable sponsor to determine that investigators are qualified to participate on a clinical trial per US FDA CFR.

PII is collected for patients participating in the clinical trials for the following purposes:

1. Patient Drug Orders: Patient identification (ID) and Patient Initial (two to three characters) are used for patient safety. Study drug repository prints patient specific study drug labels containing this information. Once study drug is labeled, it is shipped to the clinical network pharmacies where drug is dispensed/administered to the patients identified on the label. Patient ID and Patient Initials are used as a verification prior to dispensing/administering drug to the patients.

2. Patient Safety Reporting: Patient ID and Patient Month/Year of Birth are used for adverse event reporting. The sponsor reviews this information in real-time to assure continuing patient safety for each clinical trial and meet US FDA CFR.

3. Demographics Analysis: Patient Zip Code and Patient Month/Year of Birth are used to answer demographic queries.

19

Describe the secondary uses for which the PII will be used (e.g. testing, training or research)

None

20

Describe the function of the SSN.

N/A

20a

Cite the legal authority to use the SSN.

N/A

₂₁ Identify legal authorities governing information use and disclosure specific to the system and program.

Legislation authority is Public Health Service Act (42 U.S.C. 241, 242, 248, 282, 284, 285a-j, 285 l-q, 287, 287b, 287c, 289a, 289c,

and 44 U.S.C. 3101).

₂₂ Are records on the system retrieved by one or more PII data elements?

Yes

No

Identify the number and title of the Privacy Act

_22a System of Records Notice (SORN) that is being used to cover the system or identify if a SORN is being

developed.

09-25-0200; Clinical, Basic and Population-based ^Published: Research Studies of the National Institutes of

Health

Published:

Published:

In Progress

²³ Identify the sources of PII in the system.

Directly from an individual about whom the information pertains

In-Person Hard Copy: Mail/Fax

Email Online

Other Government Sources

Within the OPDIV Other HHS OPDIV State/Local/Tribal

Foreign Other Federal Entities

Other

Non-Government Sources

Members of the Public Commercial Data Broker Public Media/Internet

Private Sector

Other

_23a Identify the OMB information collection approval number and expiration date.

OMB Approval #0925-0613 exists for the existing set of PII currently captured by CTEP-ESYS. Expiration date is 03/31/2019.

OMB submission and approval is pending for additional PII data elements (Employment Status, Employment History, Certificates and Education Records, Publications, Memberships, Honors, Medical Licenses, Clinical Trial Support History and Trainings).

24 Is the PII shared with other organizations?

Yes

No

_24a Identify with whom the PII is shared or disclosed and for what purpose.

Within HHS

PII is shared within HHS [FDA, NIH/NCI (Division of Cancer Treatment and Diagnosis, Division of Cancer Prevention, Cancer Trial Support Unit and Cancer Trial Reporting Program)] to support cancer research, clinical trials related activities and meet FDA regulatory requirements.

Other Federal Agency/Agencies

State or Local Agency/Agencies

Private Sector

PII is shared with investigators and clinical networks to support cancer research and clinical trials related activities for their specific patients.

PII is shared with the drug companies for their specific drugs used in the clinical trials for regulatory reporting purposes.

_{Describe any agreements in place that authorizes the} CTEP-ESYS shares PII with the Clinical Trials Support Unit _{information sharing or disclosure (e.g. Computer} (CTSU), a CTEP/NCI sponsored project to increase participation

_{24b Matching Agreement, Memorandum of} in NCI sponsored cancer related clinical trials. A Memorandum

_{Understanding (MOU), or Information Sharing} of Understanding (MOU)/ Interconnection Security Agreement _{Agreement (ISA)).} (ISA) is in place with CTSU that establishes procedures and

safeguards for the information being shared.

_24c Describe the procedures for accounting for disclosures

CTEP-ESYS follows HHS/NIH/NCI security policies and procedures. MOU/ISA are maintained in accordance with NCI/ NIH/HHS policies and procedures. Access to PII is restricted through authentication, authorization and role-based access. CTEP-ESYS Users go through security awareness trainings and acknowledge warning banners during login. More information on security controls has been provided in response to Q38.

Describe the process in place to notify individuals

25 that their personal information will be collected. If no prior notice is given, explain the reason.

Investigators and clinical trial support staff are notified prior to completing their on-line registration process.

Patients are notified as part of the informed consent process prior to participating in a clinical trial.

₂₆ Is the submission of PII by individuals voluntary or mandatory?

Voluntary

Mandatory

^{Describe the method for individuals to opt-out of the} Investigators, clinical trial support staff and patients are not

₂₇ ^{collection or use of their PII. If there is no option to} required to participate in NCI clinical trials. Their options to ^{object to the information collection, provide a} opt-out is not complete on-line registration(investigators or

^reason. support staff) or not sign informed consent (patients).

Users

To support NCI sponsored clinical trials

Administrators

To support NCI sponsored clinical trials

Developers

Contractors

Direct contractors support NCI sponsored clinical trials.

Others

28

Consent is obtained through an annual registration process, which is mandatory for all investigators and clinical trial

^{Describe the process to notify and obtain consent} support staff. These registered users receive system release ^{from the individuals whose PII is in the system when} notes/changes to the system when they are published. major changes occur to the system (e.g., disclosure

^{and/or data uses have changed since the notice at} As part of the informed consent process, patients are notified ^{the time of original collection). Alternatively, describe} that their data may be used for additional research studies. If ^{why they cannot be notified or have their consent} changes were to occur to the use of patients PII data other ^obtained. than what was agreed to in the signed informed consent

document, the clinical trial sites would be notified so that re- consent can be obtained from the patients.

29

Describe the process in place to resolve an

individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not.

Investigators and clinical trial support staff may contact CTEP Help Desk via phone or email should they have any questions or concerns about their PII. Patients should follow the contact information in their informed consent documents.

30

Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not.

Investigators and clinical trial support staff must undergo a mandatory annual re-registration process.

Clinical networks where clinical trials are conducted perform audits to ensure integrity, availability, accuracy and relevancy of patients data. If any issues are found, the clinical networks re-submit data to CTEP-ESYS.

31

Identify who will have access to the PII in the system and the reason why they require access.

32

Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII.

CTEP-ESYS access requests are submitted through an automated system module for approval. All requests are reviewed and validated by the CTEP-ESYS direct contractor who obtains necessary authorizations from CTEP-ESYS system owners or designated officials before approving the access requests.

33

Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job.

CTEP-ESYS enforces approved access authorizations through database and application roles, restricting access to those applications that users are authorized to access. Application level data attributes further restrict access to PII.

34

Identify training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained.

System owners, operators and direct contractors must take the annual mandatory NIH Privacy and Security training.

35

Describe training system users receive (above and beyond general security and privacy awareness training).

Instructor-led trainings, online documentation or phone trainings are provided to system users as appropriate.

CTEP-ESYS data is maintained in a secure database.

The following are in place as Management Controls: Logon Banners

Rules of Behavior System Security Plan

Configuration Management, Change Management Plans and Processes

Disaster Recovery Plan (tested) Interconnection Security Agreement

The following are in place as Technical controls for CTEP-ESYS: User ID and Passwords are required to login to CTEP-ESYS applications

The CTEP-ESYS application is hosted within NIH Network boundaries and is protected by NIH Center for Information Technology (CIT) provided Perimeter Firewall and Intrusion Detection Systems

Secure Sockets Layer (SSL) Encryption is enabled for access to web based interfaces of CTEP-ESYS modules, where necessary

Describe, briefly but with specificity, how the PII will _{Proactive Systems Monitoring and Alerts Management}

^{38 be secured in the system using administrative,} Anti-virus, security updates and patching procedures ^{technical, and physical controls.} Periodic scans on CTEP-ESYS systems

Incidence Response Procedures

System and Database Audit Trails and Logs

The following are in place as Operational controls for CTEP- ESYS:

Personnel Security to comply with NIH background checks and screening required to issue NIH accounts and Personal Identity Verification (PIV) badges

Annual NIH Security Awareness Training Physical and Environmental Protection Backup Procedures

Offsite Storage for Tapes

Video Surveillance of Data Center Contingency /Disaster Recovery Plan Incidence Response Procedures Alerts and Scans

Identification and Authentication User Account Management Process Role based user access to systems Audit Trails

General Comments

Digitally signed by

OPDIV Senior Official ^{Celeste E. Celeste E. Dade-vinson -S}

_{for Privacy Signature Dade-vinson -S} Date: 2018.01.09 16:52:04

-05'00'

HHS Senior _{Bridget M.} DN: c=US, o=U.S. Government, ou=HHS,

Digitally signed by Bridget M. Guenther -S

ou=OS, ou=People,

^{Agency Official} 0.9.2342.19200300.100.1.1=2001734030,

_{for Privacy Guenther -S} cn=Bridget M. Guenther -S

Date: 2018.01.23 09:33:18 -05'00'